Main menu

AMD Catalyst driver update vulnerability

The AMD Catalyst driver auto update feature enables users to automatically update the AMD Catalyst driver on their machine through a single click when the driver determines that it is out of date.

However a vulnerability exists in this mechanism as a result of:

The download URL and binary download is done over HTTP

The binary is not verified as having been signed by AMD before execution

This means that a MITM can intercept the requests to the AMD support site and redirect the auto-update feature to download and execute a binary of the attacker’s choice without the user knowing any better when they decide to auto-update.

23.11.2012 – Sent a request for security contact details
23.11.2012 – Vendor informs that they will only coordinate issues through their support ticket system
23.11.2012 – Sent details as per request including proof of concept
26.11.2012 – Vendor acknowledges receipt of details and request further contact details
29.11.2012 – Vendor confirms that the team is working with their web team to address the issue
10.12.2012 – Mail sent asking for a rough timeline
14.12.2012 – Vendor replies informing that the driver team is still working on the issue, and that their legal team is also involved
19.12.2012 – Vendor publishes advisory: http://support.amd.com/us/kbarticles/Pages/AMDauto-updatenotification.aspx
17.01.2013 – Vendor releases AMD Catalyst 13.1, removing the update feature